IBM Security QRadar SOAR

Master Skills University: Day 1 Recap

  • 1.  Master Skills University: Day 1 Recap

    Posted Tue November 06, 2018 06:01 AM
    Edited by Connor Costello Tue November 06, 2018 09:24 AM
    Greetings from London,

    Yesterday we kicked off the Resilient track at Master Skills University in London and got to hear from Resilient's @Brenden Glynn on designing efficient processes and playbooks in Resilient. For the first day, we got to take a closer look inside the Resilient platform. This involved creating new incidents and interacting with those newly created incidents step by step. Here are some of the questions that emerged from this session from users:

    • Can we automate the manual process of adding an IP (from an email or other source)?
    • Can we merge incidents based on similar artifacts?

    One user mentioned that they use a threat enrichment integration with Resilient to provide incidents with information and context on various observable artifacts. In addition to the threat sources available out-of-the-box in Resilient (X-Force, AlienVault, abuse.ch, etc.), various threat enrichment integrations can be found on the IBM Security App Exchange.

    There is no current feature that allows for the merging of incidents based on similar qualities. As pointed out by Brenden, if you have a request for enhancement to Resilient, please sign into the Customer SuccessHub and visit our "Ideas" board to submit an idea and vote on others.

    I had the pleasure of meeting some current community members who stopped by the booth yesterday. Please stop by and say hello if you're attending the event this week. Stay up-to-date with information and content this week by checking out the discussion posts.

    Cheers,

    ------------------------------
    Connor Costello
    Product Marketing
    ------------------------------